Close Your Cybersecurity Gaps with Advanced Web Filtering
By Jared Hrabak, Consulting Cybersecurity Engineer, cStor and MicroAge
As a kid, I joined the Boy Scouts and after years of hard work and determination, I eventually reached the highest achievement level possible: Eagle Scout. The most pivotal lesson from my Scout training that has carried into every aspect of my life and career has been this: being prepared pays off.
In today’s dynamic cybersecurity environment, “being prepared” is still my nature. It means the difference between a company thriving or failing. In my role, I dive deep into many aspects of security and there are some aspects, such as web filtering, that I believe should absolutely be part of a modern, advanced cyber strategy. Many companies are lagging on this front, either unaware or uninformed of the potential risks around everyday Internet usage by their employees.
Ask yourself this: do you really know where your employees are going online? Is there potential for data loss by allowing access to file-sharing or personal webmail? Are risky domains and websites being accessed? Is there potential for a user to access a malicious website?
You might assume you’re effectively monitoring where employees are traveling online. I assure you, there’s more to the story. Here are some ways you can BE PREPARED, and three ways you can advance your cyber strategy to close the gaps.
BE PREPARED with a Clear Acceptable Use Policy (AUP)
Ensure you have an acceptable use policy of what employees are and are not allowed to do on the Internet, including the balance between productivity, personal usage time and loss of company data. If you already have one, be sure it’s reviewed and updated at least once a year and employees receive policy training.
Role-based rules in your policy are equally important. Some employees, such as marketing and HR, may need access to social media and professional networking sites in order to perform everyday job tasks. Other functions and remote workers may need different access and permissions. As you review your employee base and their needs, be sure you take role context into account and that the monitoring tools you use offer this flexibility.
Anomalous spikes in Internet usage behavior should raise a red flag in your systems. Having a clear policy that is current and well-articulated to your employee base gives you a guideline to monitor and enforce. Be sure you have the right tools to monitor and alert your team on such flags.
BE PREPARED with the Level of Risk You’re Willing to Accept
The lack of a policy, or a murky one, simply means risk in the form of data, revenue and productivity losses. It’s critical to have a clear handle on what level of risk you and your management team are willing to accept. This will define the functionality you need from a web filtering tool. If you’re uncertain about where to start, consult an expert to have the discussion. While there are many tools to choose from, identifying what’s right for your company is more of an art than a science, so getting resources engaged that can help facilitate the process is key.
BE PREPARED with the Right Tools and Resources
An effective cybersecurity strategy is empowered by the right tools, helping your internal team and/or outsourced experts get the job done. Here are 3 key techniques to apply when you’re ready to advance your web filtering capabilities.
1. DNS Sanitization → When a user makes a web request, a DNS lookup is made to resolve the Internet domain name to its IP address. With DNS Sanitization, you can determine at that point whether the site is part of that user’s approved access and, if not, display a message that access to the site is against policy and include a link directly to your online AUP.
There are several tools emerging that use machine learning to know if a site may be malicious, and some will automate blocking a dangerous DNS request. These kinds of technologies do the heavy lifting, so your security team doesn’t get backlogged.
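The role-aware DNS check described in item 1, sketched as an added example (not from the original article or any vendor product). The domain categories, role names and AUP URL are constructed placeholders, and allowing uncategorized domains by default is an assumption.

```python
# Added illustration: role-based DNS policy decision. All data is constructed.
AUP_URL = "https://intranet.example.com/aup"  # hypothetical AUP location

# Constructed category feed: domain -> category
CATEGORIES = {
    "social.example": "social-media",
    "fileshare.example": "file-sharing",
    "webmail.example": "personal-webmail",
    "malware.example": "malicious",
}

# Constructed role policy: categories each role may reach
ROLE_ALLOWED = {
    "marketing": {"social-media"},
    "hr": {"social-media"},
    "engineering": set(),
}
ALWAYS_BLOCKED = {"malicious"}  # no role may override these


def normalize(qname):
    """Lower-case and drop the trailing root dot so 'Social.Example.' matches."""
    return qname.strip().rstrip(".").lower()


def categorize(qname):
    """Match on whole DNS labels, longest suffix first.

    'www.social.example' matches 'social.example';
    'notsocial.example' does not (a plain endswith() check would).
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in CATEGORIES:
            return CATEGORIES[suffix]
    return None


def decide(role, qname):
    """Return the action for one DNS query made by a user in `role`."""
    category = categorize(qname)
    if category is None:
        # Assumption: uncategorized domains are allowed; a stricter
        # risk posture would block or log them instead.
        return {"action": "allow", "category": None}
    allowed = ROLE_ALLOWED.get(role, set())  # unknown roles get nothing
    if category in ALWAYS_BLOCKED or category not in allowed:
        msg = f"Access to {normalize(qname)} is against policy. See {AUP_URL}"
        return {"action": "block", "category": category, "message": msg}
    return {"action": "allow", "category": category}
```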
2. NextGEN Firewalls (NGFW) → Most organizations have NextGEN firewalls these days. These devices are multi-functional and do more than just IP blocking. Modern firewalls offer deep packet inspection, so you can actually see what application(s) employees are opening, even if the traffic is encrypted. They also deliver intrusion prevention and give you the ability to use more data intelligence than ever before.
If the firewall’s bandwidth is not a concern, you can use SSL decryption to inspect traffic and see what is happening, essentially becoming the authorized middleman. It’s also important to remember that not everything needs to be decrypted, which will also save you bandwidth. Bigger organizations may find it easier and more cost-effective to offload that processing power to a proxy that can sanitize the data and company IP before it goes out. That makes your digital footprint more anonymous. Proxies and SSL decryption can go a long way in cost/risk savings and simplify your overall security posture without sacrificing critical security elements.
3. Cloud Access Security Broker (CASB) → Our CTO, Pete Schmitt, wrote a great blog about CASB, so I won’t elaborate too much other than to offer this: as your business expands and you move away from having on-premise hardware and software, enlisting a CASB can save you a world of time and complexity.
A CASB’s ability to let you know what kind of PII you have in the cloud, where it resides, and if it is publicly exposed will save you more than just time and a headache. Get proactive on this front, and work with a CASB solution to build an extended access control system in your cloud infrastructure that can be monitored, responded to and documented.
4. Secure Access Service Edge (SASE) → Tim McCulloch, our Director of Solution Architecture, wrote a great blog about SASE. So, I won’t elaborate too much other than to offer this: as your business continues to evolve in maintaining a remote workforce, SASE may be the strategy needed for growth.
A SASE solution offers some great flexibility for managing infrastructure, attack surface, threat and data protection while still allowing employees to access controlled resources. Finding the right solution might assist in layering in Zero Trust network access.
The truth is, there really is no ‘one size fits all’ approach to advancing your web filtering capabilities. Enhancing your strategy and architecture on this front will reduce your risk and help you be more prepared. While technology is an enabler of your strategy, it’s up to you to determine what is used to protect business assets and prevent data loss. That means protecting the business without impacting productivity, and determining the level of risk the business is willing to accept for data loss, security incidents, or even productivity. Come prepared to justify the level of protection that is required to protect the business.
You may also be thinking, “I just don’t have the time to research all of the vendors offering these kinds of solutions.” I get it. Engaging an expert team to help you assess your unique requirements and then tailor a course of action fit specifically to you is a great next step.
Security should be an ongoing process, not a one-time project. If you begin with the end in mind, you’re one step closer to being prepared.